Which of the following enables the person responsible for contingency planning to focus risk management
efforts and resources in a prioritized manner only on the identified risks?

A.
Risk assessment

B.
Residual risks

C.
Security controls

D.
Business units

Explanation:
A risk assessment is a critical part of the disaster recovery planning process. In disaster recovery planning,
once you’ve completed a business impact analysis (BIA), the next step is to perform a risk assessment.
Once risks and vulnerabilities have been identified, i.e. after the risk assessment has been completed, four
types of defensive responses can be considered:
Protective measures
Mitigation measures
Recovery activities
Contingency plans
Incorrect Answers:
B: Contingency plans depend on risk assessments, not on residual risks. The residual risk is remaining risk
after the security controls have been applied.
C: Contingency plans depend on risk assessments, not on Security controls.
D: Contingency plans depend on risk assessments, not on Business units.

http://searchdisasterrecovery.techtarget.com/Risk-assessments-in-disaster-recovery-planning-A-free-IT-riskassessment-template-and-guide